[Owasp-leaders] Web Application Vulnerability Examples

John Wilander john.wilander at owasp.org
Wed Dec 22 08:39:53 EST 2010


Hi Psiinon (and the rest)!

I've been working on a joint "New Webgoat + OWASP Demo App" to use for both
training and demos. I used it for my two talks at IBWAS last week. Maybe we
could make it the tool you want?

Java/jsp, Struts 2, JAX-RS, Spring, Mockito, JQuery, Maven, Jetty, IntelliJ
CE etc. Next in line are SQL and NOSQL persistence layers.

   /John


2010/12/22 psiinon <psiinon at gmail.com>

> Hi folks,
>
> As part of the development of the Zed Attack Proxy I need a simple set
> of web pages that exhibit standard vulnerabilities.
> I know about the example vulnerable apps like Webgoat, DVWA, Gruyere,
> Hackme etc.
> However these are aimed at people.
> I want a set of web pages for regression testing ZAP, so I'd like as
> many examples and variants as possible, ideally with just one example
> per page.
>
> Do any of you know of such examples?
>
> If not then I'll implement them myself (I've already made a start),
> but if anyone else wants to get involved then I'd welcome the
> assistance :)
>
> I guess these examples could be useful to other projects.
> In theory such pages could be used to test the effectiveness of
> vulnerability scanners, although my goal is to develop a regression
> test suite for ZAP.
> They could also be used as a training aid. (Not sure what a specific
> vulnerability looks like in practice? Look here...)
> So does anyone think they should be spun off into a new OWASP project,
> either now or potentially later?
>
> Many thanks,
>
> Psiinon



-- 
John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee